Scientific Linux SL4: OpenLDAP Low Access Control Flaw CVE-2006-4600

May 14, 2007 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory access control openldap low Scientific Linux self-write

Low: openldap security update

Date: Mon, 14 May 2007 15:54:10 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA for openldap on SL4.x i386/x86_64
Comments: To: scientific 

Synopsis: Low: openldap security update
Issue date: 2007-05-01
CVE Names: CVE-2006-4600

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
(CVE-2006-4600)

SRPMS:
 	openldap-2.2.13-7.4E.src.rpm

i386:
 	compat-openldap-2.1.30-7.4E.i386.rpm
 	openldap-2.2.13-7.4E.i386.rpm
 	openldap-clients-2.2.13-7.4E.i386.rpm
 	openldap-devel-2.2.13-7.4E.i386.rpm
 	openldap-servers-2.2.13-7.4E.i386.rpm
 	openldap-servers-sql-2.2.13-7.4E.i386.rpm

x86_64:
 	compat-openldap-2.1.30-7.4E.i386.rpm
 	compat-openldap-2.1.30-7.4E.x86_64.rpm
 	openldap-2.2.13-7.4E.i386.rpm
 	openldap-2.2.13-7.4E.x86_64.rpm
 	openldap-clients-2.2.13-7.4E.x86_64.rpm
 	openldap-devel-2.2.13-7.4E.x86_64.rpm
 	openldap-servers-2.2.13-7.4E.x86_64.rpm
 	openldap-servers-sql-2.2.13-7.4E.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here